Authentication Error.
Matthew Newton
mcn4 at leicester.ac.uk
Thu Apr 6 12:56:00 CEST 2017
On Thu, Apr 06, 2017 at 10:20:20AM +0000, mustafa mujahid wrote:
> (1) sql_wlc_huawei: SQL-User-Name set to 'ali.asad'
> rlm_sql (sql_wlc_huawei): Reserved connection (0)
> (1) sql_wlc_huawei: EXPAND SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = '%{SQL-User-Name}' and wlan = 'y' and vlanid=SUBSTR('%{NAS-Port-Id}' ,INSTR('%{NAS-Port-Id}', '=', -1)+3) ORDER BY id
> (1) sql_wlc_huawei: --> SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = 'ali.asad' and wlan = 'y' and vlanid=SUBSTR('slot=3D0=3Bsubslot=3D0=3Bport=3D0=3Bvlanid=3D50' ,INSTR('slot=3D0=3Bsubslot=3D0=3Bport=3D0=3Bvlanid=3D50', '=', -1)+3) ORDER BY id
> (1) sql_wlc_huawei: Executing select query: SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = 'ali.asad' and wlan = 'y' and vlanid=SUBSTR('slot=3D0=3Bsubslot=3D0=3Bport=3D0=3Bvlanid=3D50' ,INSTR('slot=3D0=3Bsubslot=3D0=3Bport=3D0=3Bvlanid=3D50', '=', -1)+3) ORDER BY id
> (1) sql_wlc_huawei: User found in radcheck table
> (1) sql_wlc_huawei: Conditional check items matched, merging assignment check items
> (1) sql_wlc_huawei: NT-Password := 0x4633303443393130313932354643303241364641373646363145303444303133
> rlm_sql (sql_wlc_huawei): Released connection (0)
This is in the (outer) default server, so all the attributes are
available.
> (8) Virtual server wlc_huawei-tunnel received request
> (8) EAP-Message = 0x02ba00431a02ba003e319bd6bf46337ff2fe2f415664c42941220000000000000000451b47de3fcf8963e5af60d7d5d328e8b77dfc3d1354ac0900616c692e61736164
> (8) FreeRADIUS-Proxied-To = 127.0.0.1
> (8) User-Name = "ali.asad"
> (8) State = 0xda51e3dbdaebf9d40b2096b8dfe0e74b
These are the available inner tunnel attributes.
> (8) sql_wlc_huawei: EXPAND %{User-Name}
> (8) sql_wlc_huawei: --> ali.asad
> (8) sql_wlc_huawei: SQL-User-Name set to 'ali.asad'
> rlm_sql (sql_wlc_huawei): Reserved connection (1)
> (8) sql_wlc_huawei: EXPAND SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = '%{SQL-User-Name}' and wlan = 'y' and vlanid=SUBSTR('%{NAS-Port-Id}' ,INSTR('%{NAS-Port-Id}', '=', -1)+3) ORDER BY id
> (8) sql_wlc_huawei: --> SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = 'ali.asad' and wlan = 'y' and vlanid=SUBSTR('' ,INSTR('', '=', -1)+3) ORDER BY id
> (8) sql_wlc_huawei: Executing select query: SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = 'ali.asad' and wlan = 'y' and vlanid=SUBSTR('' ,INSTR('', '=', -1)+3) ORDER BY id
> (8) sql_wlc_huawei: WARNING: Cannot do check groups when group_membership_query is not set
> rlm_sql (sql_wlc_huawei): Released connection (1)
In the inner tunnel - attributes used in the query don't exist.
You need to either set copy_request_to_tunnel=yes in the eap/peap
configuration, or use %{outer.request:NAS-Port-Id} in the query to
get the right attribute value in there.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list